Insufficient Input Validation in SAP Financial Consolidation Software
CVE-2022-41208

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Financial Consolidation
Vendor: CVE Published:; 8 November 2022

What is CVE-2022-41208?

SAP Financial Consolidation version 1010 is vulnerable to an issue stemming from insufficient input validation. This vulnerability allows an authenticated attacker with user privileges to manipulate the current user session. If exploited, the attacker could gain access to view or modify sensitive information, potentially affecting the confidentiality and integrity of the application. Users should apply the latest updates and patches to safeguard against this risk.

Affected Version(s)

SAP Financial Consolidation = 1010

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3260708

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2022
Vulnerability Reserved
Sep 21, 2022